Director of IT & Information Security

HIDDEN LEVEL INC
Town of De Witt, NY
$138,000 - $179,000
Onsite

About The Position

The Director of IT & Information Security is responsible for leading Hidden Level’s Information Technology (IT) function and information security program. This role ensures that enterprise systems, infrastructure, applications, and support services are reliable, secure, scalable, and aligned with business priorities. This position oversees IT operations, cybersecurity, incident management, change management, security response, and compliance with applicable U.S. Department of Defense (DoD) cybersecurity requirements, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Defense Federal Acquisition Regulation Supplement (DFARS), and Cybersecurity Maturity Model Certification (CMMC). This is a hands-on leadership role requiring both operational execution and strategic direction to support a growing enterprise organization. This role is critical to ensuring Hidden Level’s operational continuity, cybersecurity posture, compliance readiness, and enterprise technology maturity as the company supports national security missions.

Requirements

  • 15+ years of progressive experience across IT operations, cybersecurity, infrastructure, and compliance leadership with at least 8 years in a regulated environment.
  • Proven experience managing enterprise IT infrastructure, cloud environments, applications, and security operations.
  • Hands-on experience with NIST SP 800-171 and/or CMMC compliance.
  • Experience in a regulated environment such as DoD, aerospace, defense contracting, or similar.
  • Experienced people leader with demonstrated experience across both operational IT and cybersecurity functions.
  • Active U.S. Secret clearance preferred; ability to obtain and maintain a clearance required.
  • Strong communication skills with the ability to translate technical and security risks into business impact.
  • Only U.S. citizens can be considered for this position.

Nice To Haves

  • CISSP, CISM, or equivalent cybersecurity certification and/or experience.
  • Experience with ERP systems and enterprise business applications.
  • Familiarity with ISO 9001, vulnerability management, and secure infrastructure practices.
  • Experience working in classified or air-gapped environments.

Responsibilities

  • Lead enterprise IT operations, including infrastructure, applications, support services, cloud systems, and business systems.
  • Own Incident Management, Change Management, and Security Response processes, providing both strategic oversight and hands-on leadership during operationally significant or high-impact events.
  • Ensure system availability, reliability, scalability, and operational resilience.
  • Develop and manage IT budgets, vendor relationships, infrastructure planning, and technology roadmaps.
  • Lead and develop IT personnel and/or managed service providers.
  • Support facility expansion, business transformation initiatives, and enterprise growth.
  • Develop, implement, and maintain the company’s information security program.
  • Lead cybersecurity operations including vulnerability management, monitoring, incident response, audit readiness, and risk management.
  • Oversee implementation of security controls, system hardening, access management, logging, Security Information and Event Management (SIEM), and endpoint protection.
  • Provide cybersecurity leadership and guidance to the Information Systems Security Manager (ISSM) and broader IT organization.
  • Assess and communicate cybersecurity risks to leadership and stakeholders.
  • Support enterprise resilience and security operations, including disaster recovery, digital forensics, insider threat, and compliance-related activities.
  • Accountable for overall CMMC readiness and certification efforts, with execution led in partnership with the ISSM and supported through established governance, audit oversight, and separation of duties controls.
  • Ensure compliance with NIST SP 800-171, DFARS, and applicable contractual or regulatory requirements.
  • Oversee maintenance of System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), security policies, and audit documentation.
  • Coordinate internal and external audits, assessments, remediation activities, and customer security reviews.
  • Support the Cybersecurity Governance Committee and provide executive-level reporting on cybersecurity posture, risks, incidents, and remediation progress.
  • Oversee third-party and supplier security risk management.
  • Maintain appropriate governance, risk visibility, and separation of duties across IT and cybersecurity functions.

Benefits

  • health insurance
  • paid parental leave
  • flexible time off
  • 401(k) with employer contributions
  • life insurance
  • disability insurance
  • potential stock options